What has happened to network security innovation?

Does anyone out there share my feeling that innovation in network security has become quite scarce? I mean, look at it – the core of network security, the almighty firewall, hasn’t changed in almost 15 years. Not only is it still using the same good old Stateful Inspection to inspect traffic and control it (which means that it can only control port-specific applications, while most applications today do not use an assigned port number), but its functionality hasn’t changed that much either. Now that I think about it, the most recent attempts at innovating with network security functionality have failed as well – virtually all NAC companies are struggling; ILP or DLP, or whatever leakage prevention is called today, hasn’t taken off; and point technologies such as IM control, worm mitigation and botnet elimination are not doing any better.

So I am asking myself, how come we are still spending so much money – estimated to be $5B/year – on 15-year-old firewalls? What makes us avoid innovative technologies? And why is it that we do not demand innovation from our firewall vendors?

Actually, these questions are somewhat easy to answer. Why are we still buying firewalls? Because everybody knows they need a firewall and there is no better alternative – or is there? Why are we avoiding innovative technologies? Because we are tired of the appliance fatigue caused by the number of appliances we need to buy, install, manage and support to achieve our network security goals. And why aren’t we demanding more innovation from our firewall vendors? Because we know they cannot innovate – they are big and slow and they haven’t read The Innovator’s Dilemma, which basically means that they believe that if they pump R&D money into innovating, their stock price will be punished…

So what do we do? As we all need firewalls and none of us want to purchase additional security appliances, my conclusion is: network security innovation must be in the firewall. And The Innovator’s Dilemma leads me to conclude that a new firewall will come from small and innovative companies, not from our existing firewall vendors…

More on that later…

Nir.